i2c: fix kernel memory disclosure in dev interface

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

i2c_smbus_xfer() does not always fill an entire block, allowing
kernel stack memory disclosure through the temp variable. Clear
it before it's read to.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org

authored by

Vlad Tsyrklevich and committed by

Wolfram Sang 9 years ago 30f939fe a121103c

+1 -1

1 changed file

expand all

drivers

i2c

i2c-dev.c

+1 -1

drivers/i2c/i2c-dev.c

··· 331 331 unsigned long arg) 332 332 { 333 333 struct i2c_smbus_ioctl_data data_arg; 334 - union i2c_smbus_data temp; 334 + union i2c_smbus_data temp = {}; 335 335 int datasize, res; 336 336 337 337 if (copy_from_user(&data_arg,